add FixedRedirectOnLogout plugin (v2.18.2-11)

guimard · May 1, 2024 · de73ca2 · de73ca2
1 parent 3154243
commit de73ca2
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 2 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -4,7 +4,7 @@ env:
   VERSION: 2.18.2
   PGVERSION: 15
   DEBIANRELEASE: bookworm
-  DOCKERREVISION: 10
+  DOCKERREVISION: 11
 
 on:
   push:

diff --git a/Changes.md b/Changes.md
@@ -1,6 +1,7 @@
 # Changes
 
-* 2024-04-26: add llngUserAttributes tool
+* 2024-05-01: add FixedRedirectOnLogout plugin (v2.18.2-11)
+* 2024-04-26: add llngUserAttributes tool (v2.18.2-10)
 * 2024-04-18: add IgnorePollers plugin (v2.18.2-9)
 * 2024-04-17: add package libhttp-browserdetect-perl for Lemonldap::NG::Portal::Plugins::LocationDetect
 * 2024-04-08: add `DEFAULT_WEBSITE` and `PROTECTION` env var

diff --git a/base/install/etc/cont-init.d/update-llng-conf b/base/install/etc/cont-init.d/update-llng-conf
@@ -99,6 +99,12 @@ PORTALURL=`portalUrl "$PORTAL"`
 /usr/share/docker-llng/updateConf "setDomain" "$SSODOMAIN"
 /usr/share/docker-llng/updateConf "set" portal "$PORTALURL"
 
+# Fix logout redirection
+if test "$FIXED_LOGOUT" != ""; then
+    echo "Configure LLNG to redirect all logouts on $FIXED_LOGOUT"
+    /usr/share/docker-llng/updateConf set fixedLogoutRedirection "$FIXED_LOGOUT"
+fi
+
 if test "$CROWDSEC_SERVER" != ""; then
     echo "Configure LLNG to use $CROWDSEC_SERVER as Crowdsec server"
     /usr/share/docker-llng/updateConf set crowdsec 1

diff --git a/portal/Dockerfile b/portal/Dockerfile
@@ -38,6 +38,7 @@ RUN echo patch appgrid.patch && patch -p1 < appgrid.patch && \
     echo patch oidc-auth-pkce.patch && patch -p1 < oidc-auth-pkce.patch && \
     echo patch jitsi.patch && patch -p1 < jitsi.patch && \
     echo patch ignorepollers.patch && patch -p1 < ignorepollers.patch && \
+    echo patch fixedLogout.patch && patch -p1 < fixedLogout.patch && \
     rm -f *.patch
 
 RUN echo "# Install nginx configuration files" && \

diff --git a/portal/fixedLogout.patch b/portal/fixedLogout.patch
@@ -0,0 +1,47 @@
+--- a/usr/share/perl5/Lemonldap/NG/Portal/Main/Plugins.pm
++++ b/usr/share/perl5/Lemonldap/NG/Portal/Main/Plugins.pm
+@@ -14,6 +14,7 @@ use Mouse;
+ # Developers: 2FA must be loaded before Notifications
+ # Developers: GlobalLogout must be the last loaded plugin
+ our @pList = (
++    fixedLogoutRedirection              => '::Plugins::FixedRedirectOnLogout',
+     portalDisplayResetPassword          => '::Plugins::MailPasswordReset',
+     portalDisplayCertificateResetByMail => '::Plugins::CertificateResetByMail',
+     portalStatus                        => '::Plugins::Status',
+--- /dev/null
++++ b/usr/share/perl5/Lemonldap/NG/Portal/Plugins/FixedRedirectOnLogout.pm
+@@ -0,0 +1,34 @@
++package Lemonldap::NG::Portal::Plugins::FixedRedirectOnLogout;
++
++use strict;
++use Mouse;
++use Lemonldap::NG::Portal::Main::Constants 'PE_OK';
++use URI;
++
++our $VERSION = '2.20.0';
++
++extends 'Lemonldap::NG::Portal::Main::Plugin';
++
++use constant beforeLogout => 'run';
++
++sub init {
++    my ($self) = @_;
++    if ( $self->conf->{fixedLogoutRedirection} ) {
++        my $host = URI->new($self->conf->{fixedLogoutRedirection})->host;
++        $self->conf->{trustedDomains} .= " $host";
++        $self->conf->{trustedDomains} =~ s/^ //;
++    }
++    return 1;
++}
++
++sub run {
++    my ( $self, $req ) = @_;
++    if ( $self->conf->{fixedLogoutRedirection} ) {
++        $req->logger->debug("Force logout redirection");
++        $req->mustRedirect(1);
++        $req->urldc( $self->conf->{fixedLogoutRedirection} );
++    }
++    return PE_OK;
++}
++
++1;